We have launched the new version of the DrayTek website, and this content is no longer being maintained.
You will find more information on our new site; however, we will keep this page for a few months.

[Vigor3900] How to block the service by using the firewall to block the certain port?

To access the service on the internet, we will need to connect to the server IP address and the specific port, so the packets will be sent to the correct server, and the packets will be listened by the correct program. In some scenario, network administrator may not want to let the clients access some service; or, wants to enhance the security of the internal network, to prevent some malwares from access the resource, stole the information, and abuse the internet. Network administrator can set the firewall rule on Vigor Router to block the connection by certain port. The client will not be able to access such resource if the port is blocked, and the malware will not be able to access their own server.

This document will describe how to restrict the service that client or program are using by blocking the certain port, so they will not able to access the resource on the internet. Imagine that a company wants to prevent the confidential information leakage, the network administrator wants to block all the FTP transmission between the local network and the internet. Usually, the FTP service uses TCP port 21 as the major command port. The steps and details will be described in the following paragraphs.

Note: Except the ports you have set to be open and redirection to the internal IP addresses, Vigor Router will block all the transmissions which initiate from the internet to the local network by default. Therefore, we will focus on blocking the transmission from LAN to WAN in the following paragraphs.

(This article applies to Vigor3900, Vigor2960 and Vigor300B, for other models, please refer to the article here.)



1. Go to Object Setting >> Services Type Object:

a. Create service object
b. Type the profile name
c. Set the destination TCP port 21 for FTP


2. Create a IP Filter Group then click Add to create a IP Filter rule for Restricted User,

a. Check Enable.
b. Select Block for Action.
c. Select Any as Input Interface. (Please set the source IP address here if you want to regulate the specific IP address only.)
d. Select Any as Output Interface.
e. Select "FTP" as the Services Type Object.
f. Apply the settings.


3. On the page System Maintenance >> Syslog / Mail Alert >> Syslog File, we may see the web browsing action has been blocked by Vigor3900.

Was this article helpful?
65[Vigor3900] How to block the service by using the firewall to block the certain port? has been viewed------ 65 ------times.